I think it was more of a joke (the last part) than an insult.... ISA is not designed to protect people from doing stupid things, like installing software. That itself is a function of your network OS. ISA is there to broker a connection between to systems with a set of rules that define what kind of traffic there can be. If you really don't want your users to be able to get spyware and browser hijacks, then that's a function of group policies or user privileges. Personally, when I want to surf the web at home, I log in as a user that can't do ANYTHING in the system other than run IE. In fact, I just got a copy of Virtual PC 2004 so now I don't even have to worry about that by using a built system state and just not ever saving the changes. Emulated machines rule! =?) (btw, that would be creepy if Tom was in fact Evil Dr. Tom..... Considering how most of us on here read his book and use them as a guideline.... Makes me want to go back to school and become and Evil Dr. *sniff*) Troy -----Original Message----- From: Quillman Shawn (RBNA/CSA1) * [mailto:Shawn.Quillman@xxxxxxxxxxxx] Sent: Tuesday, September 14, 2004 11:15 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Spyware Issue(s) http://www.ISAserver.org No, that is actually not the point of this conversation. Go back and re-read it. Filtering is the same for anything, you have to know the URL's you want to filter or you have to have a 3rd party product in place to do the filtering for you. And if you want to keep your job then you had better find time to clean the machines that do get infected when you don't take the precautions to secure your browsers and clients (even if you do filter at the ISA level). And I suggest you take your personal vendettas off this list. -Shawn ----- Shawn R. Quillman Robert Bosch Corporation RBNA/CSA1 38000 Hills Tech Drive Farmington Hills, MI 48331 (248) 553-1164 (P) (248) 848-6969 (F) shawn.quillman@xxxxxxxxxxxx -----Original Message----- From: Ray [mailto:rdzek@xxxxxxxxxxxxxxx] Sent: Tuesday, September 14, 2004 11:59 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Spyware Issue(s) http://www.ISAserver.org This discussion is all well and good, but it totally misses the point. What is being done, or what can be done, to filter the spyware BEFORE it gets on the machine at the ISA level? Cleaning up after the fact is great for job security and for times when we don't have anything else better to do. Which btw, is NEVER. Where are the articles on isaserver.org discussing how to keep all this crap off the network to begin with? Maybe Dr Shinder is secretly running an evil spyware empire on the side and doesn't want us to know? And what exactly is he a doctor of? Ray Dzek Network Operations Supervisor Specialized Bicycle Components